09-25-2020 01:45 AM
Hi Community
Someone know how to deploy Storm-Control Features in a SDA deployment? Just using CLI Templates?
What about the feature Dynamic ARP Inspection?
Just wondering how to deploy these features. Anything on the roadmap for newer DNA release?
Kind regards
09-25-2020 05:42 AM
Depending on what version of DNAC you are running your best bet is to probably rely on the template editor to deploy custom configs as you wish. I do know via TAC that they are working on providing customers the ability to create custom authentication templates. This feature request can be tracked here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs05020
HTH!
07-19-2023 08:39 AM - edited 07-23-2023 07:47 AM
The following document suggests that DAI is enabled by default with SD-Access. Not explicit though.
I have tested this with a 9300 at 17.6.5, and actually "debug platform dai all" shows the arp packets received on a fabric SVI, but doesn't show them when coming in on a normal SVI. So apparently on fabric SVIs DAI is implicitly enabled.
But receiving ARPs from an end device which is not using DHCP is still working, meaning that DAI is actually not working on the fabric VLAN as it should.
It is also a challenge to enable it with a CLI template, as in a CLI template I was not able to find any way to list the vlans configured on the switch dynamically. So probably the vlan assignments should be done statically and then a static CLI template can enable DAI on those vlans.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide